4
\chapter{Console Configuration}
5
\label{ConsoleConfChapter}
6
\index[general]{Configuration!Console}
7
\index[general]{Console Configuration}
10
\index[general]{General}
12
The Console configuration file is the simplest of all the configuration files,
13
and in general, you should not need to change it except for the password. It
14
simply contains the information necessary to contact the Director or
17
For a general discussion of the syntax of configuration files and their
18
resources including the data types recognized by {\bf Bacula}, please see
19
the \ilink{Configuration}{ConfigureChapter} chapter of this manual.
21
The following Console Resource definition must be defined:
23
\section{The Director Resource}
24
\label{DirectorResource3}
25
\index[general]{Director Resource}
26
\index[general]{Resource!Director}
28
The Director resource defines the attributes of the Director running on the
29
network. You may have multiple Director resource specifications in a single
30
Console configuration file. If you have more than one, you will be prompted to
31
choose one when you start the {\bf Console} program.
35
\index[console]{Director}
36
Start of the Director directives.
38
\item [Name = \lt{}name\gt{}]
40
The director name used to select among different Directors, otherwise, this
43
\item [DIRPort = \lt{}port-number\gt{}]
45
Specify the port to use to connect to the Director. This value will most
46
likely already be set to the value you specified on the {\bf
47
\verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
48
identical to the {\bf DIRport} specified in the {\bf Director} resource of
49
the \ilink{Director's configuration}{DirectorChapter} file. The
50
default is 9101 so this directive is not normally specified.
52
\item [Address = \lt{}address\gt{}]
54
Where the address is a host name, a fully qualified domain name, or a network
55
address used to connect to the Director.
57
\item [Password = \lt{}password\gt{}]
59
Where the password is the password needed for the Director to accept the
60
Console connection. This password must be identical to the {\bf Password}
61
specified in the {\bf Director} resource of the
62
\ilink{Director's configuration}{DirectorChapter} file. This
63
directive is required.
66
An actual example might be:
72
address = rufus.cats.com
73
password = xyz1erploit
78
\section{The ConsoleFont Resource}
79
\index[general]{Resource!ConsoleFont}
80
\index[general]{ConsoleFont Resource}
82
The ConsoleFont resource is available only in the GNOME version of the
83
console. It permits you to define the font that you want used to display in
84
the main listing window.
89
\index[console]{ConsoleFont}
90
Start of the ConsoleFont directives.
92
\item [Name = \lt{}name\gt{}]
96
\item [Font = \lt{}Pango Font Name\gt{}]
98
The string value given here defines the desired font. It is specified in the
99
Pango format. For example, the default specification is:
103
Font = "LucidaTypewriter 9"
109
Thanks to Phil Stracchino for providing the code for this feature.
111
An different example might be:
117
Font = "Monospace 10"
122
\section{The Console Resource}
123
\label{ConsoleResource}
124
\index[general]{Console Resource}
125
\index[general]{Resource!Console}
127
As of Bacula version 1.33 and higher, there are three different kinds of
128
consoles, which the administrator or user can use to interact with the
129
Director. These three kinds of consoles comprise three different security
133
\item The first console type is an {\bf anonymous} or {\bf default} console,
134
which has full privileges. There is no console resource necessary for this
135
type since the password is specified in the Director resource. This is the
136
kind of console that was initially implemented in versions prior to 1.33 and
137
remains valid. Typically you would use it only for administrators.
139
\item The second type of console, and new to version 1.33 and higher is a
140
"named" or "restricted" console defined within a Console resource in
141
both the Director's configuration file and in the Console's
142
configuration file. Both the names and the passwords in these two
143
entries must match much as is the case for Client programs.
145
This second type of console begins with absolutely no privileges except
146
those explicitly specified in the Director's Console resource. Note,
147
the definition of what these restricted consoles can do is determined
148
by the Director's conf file.
150
Thus you may define within the Director's conf file multiple Consoles
151
with different names and passwords, sort of like multiple users, each
152
with different privileges. As a default, these consoles can do
153
absolutely nothing -- no commands what so ever. You give them
154
privileges or rather access to commands and resources by specifying
155
access control lists in the Director's Console resource. This gives the
156
administrator fine grained control over what particular consoles (or
159
\item The third type of console is similar to the above mentioned
160
restricted console in that it requires a Console resource definition in
161
both the Director and the Console. In addition, if the console name,
162
provided on the {\bf Name =} directive, is the same as a Client name,
163
the user of that console is permitted to use the {\bf SetIP} command to
164
change the Address directive in the Director's client resource to the IP
165
address of the Console. This permits portables or other machines using
166
DHCP (non-fixed IP addresses) to "notify" the Director of their current
171
The Console resource is optional and need not be specified. However, if it is
172
specified, you can use ACLs (Access Control Lists) in the Director's
173
configuration file to restrict the particular console (or user) to see only
174
information pertaining to his jobs or client machine.
176
You may specify as many Console resources in the console's conf file. If
177
you do so, generally the first Console resource will be used. However, if
178
you have multiple Director resources (i.e. you want to connect to different
179
directors), you can bind one of your Console resources to a particular
180
Director resource, and thus when you choose a particular Director, the
181
appropriate Console configuration resource will be used. See the "Director"
182
directive in the Console resource described below for more information.
184
Note, the Console resource is optional, but can be useful for
185
restricted consoles as noted above.
189
\index[console]{Console}
190
Start of the Console resource.
192
\item [Name = \lt{}name\gt{}]
193
\index[console]{Name}
194
The Console name used to allow a restricted console to change
195
its IP address using the SetIP command. The SetIP command must
196
also be defined in the Director's conf CommandACL list.
199
\item [Password = \lt{}password\gt{}]
200
\index[console]{Password}
201
If this password is supplied, then the password specified in the
202
Director resource of you Console conf will be ignored. See below
205
\item [Director = \lt{}director-resource-name\gt{}]
206
If this directive is specified, this Console resource will be
207
used by bconsole when that particular director is selected
208
when first starting bconsole. I.e. it binds a particular console
209
resource with its name and password to a particular director.
211
\item [Heartbeat Interval = \lt{}time-interval\gt{}]
212
\index[console]{Heartbeat Interval}
213
\index[console]{Directive!Heartbeat}
214
This directive is optional and if specified will cause the Console to
215
set a keepalive interval (heartbeat) in seconds on each of the sockets
216
to communicate with the Director. It is implemented only on systems
217
(Linux, ...) that provide the {\bf setsockopt} TCP\_KEEPIDLE function.
218
The default value is zero, which means no change is made to the socket.
223
The following configuration files were supplied by Phil Stracchino. For
224
example, if we define the following in the user's bconsole.conf file (or
225
perhaps the bwx-console.conf file):
233
Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
238
Name = restricted-user
239
Password = "UntrustedUser"
244
Where the Password in the Director section is deliberately incorrect, and the
245
Console resource is given a name, in this case {\bf restricted-user}. Then
246
in the Director's bacula-dir.conf file (not directly accessible by the user),
252
Name = restricted-user
253
Password = "UntrustedUser"
254
JobACL = "Restricted Client Save"
255
ClientACL = restricted-client
256
StorageACL = main-storage
259
FileSetACL = "Restricted Client's FileSet"
260
CatalogACL = DefaultCatalog
266
the user logging into the Director from his Console will get logged in as {\bf
267
restricted-user}, and he will only be able to see or access a Job with the
268
name {\bf Restricted Client Save} a Client with the name {\bf
269
restricted-client}, a Storage device {\bf main-storage}, any Schedule or Pool,
270
a FileSet named {\bf Restricted Client's FileSet}, a Catalog named {\bf
271
DefaultCatalog}, and the only command he can use in the Console is the {\bf
272
run} command. In other words, this user is rather limited in what he can see
275
The following is an example of a bconsole conf file that can access
276
several Directors and has different Consoles depending on the director:
284
Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
288
Name = SecondDirector
290
Address = secondserver
291
Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
295
Name = restricted-user
296
Password = "UntrustedUser"
297
Director = MyDirector
301
Name = restricted-user
302
Password = "A different UntrustedUser"
303
Director = SecondDirector
308
The second Director referenced at "secondserver" might look
314
Name = restricted-user
315
Password = "A different UntrustedUser"
316
JobACL = "Restricted Client Save"
317
ClientACL = restricted-client
318
StorageACL = second-storage
321
FileSetACL = "Restricted Client's FileSet"
322
CatalogACL = RestrictedCatalog
323
CommandACL = run, restore
331
\section{Console Commands}
332
\index[general]{Console Commands}
333
\index[general]{Commands!Console}
335
For more details on running the console and its commands, please see the
336
\ilink{Bacula Console}{_ConsoleChapter} chapter of this manual.
338
\section{Sample Console Configuration File}
339
\label{SampleConfiguration2}
340
\index[general]{File!Sample Console Configuration}
341
\index[general]{Sample Console Configuration File}
343
An example Console configuration file might be the following:
348
# Bacula Console Configuration File
352
address = "my_machine.my_domain.com"
353
Password = Console_password